3 Answers
3

This question makes more sense when you invert it. Which is to say that the main weakness of software-based OTP generators is the same as the main strength of hardware-based OTP devices.

Specifically, software based devices can be cloned if the secret key can be retrieved. Hardware devices ideally implement physical security measures to make it difficult extract the secret data. Ideally, key material never leaves the associated chip, and additional security measures (e.g. epoxy resin casing around the electronics) inhibit attempts to extract information using hardware probes.

Conversely, software-based devices store key material the same as any other information is stored: in general-purpose physical memory. This means that the key is only as secure as the system it runs on. Any type of software-based exploit could be leveraged to extract the secret key and then clone the OTP generator. And in particular, the device owner may not ever know that the key has been cloned, since the original will continue to work, and physical access to the device may not even be necessary for the attacker.

Furthermore, the more this devices is used for (e.g. the more apps you install on your phone) the larger the potential attack surface and the greater the opportunity for exploit. Hardware tokens, on the other hand, are single-purpose devices, which makes for a very low probability of attack or exploit.

Accepted answer is quite correct. One improvement is to better protect the key. For example on Android you can run the GoogleAuthenticator, or generate the same keys from the YubiAuth app that requires a Yubikey to decode the key and generate the codes. Its two factor auth, for your two factor auth!
–
Jason Coyne2 days ago

A generator for one-time passwords is a system which, as a whole, contains a master secret from which the one-time passwords are generated. Details vary depending on the specific OTP algorithm, but the generic concept applies: there is some secret data stored in the system, and that data is a very valuable target for the attacker.

The system consists of some software (the implementation of the algorithm) and some hardware (on which the software runs). When you use a "software-based OTP generator" on your smartphone, you are actually saying that the hardware part of the system is, in fact, your smartphone. This implies that some extra software is included in the security perimeter: namely, the phone operating system and all its applications. Smartphones are complex computers and they are prone to be hacked, especially since they are, by essence, network-able devices.

Compared to storing a many-times-password (a fixed authentication secret) within the phone (which is exactly what happens when you have long-lived secure cookie in your Web browser), a mobile software-based OTP generator protects you (to some extent) against shortcomings of the protocol into which you use the OTP; but no further.